New API: list vulnerabilities by namespace #82
@@ -141,6 +141,9 @@ const ( | |||
searchVulnerabilityForUpdate = ` FOR UPDATE OF v` | |||
searchVulnerabilityByNamespaceAndName = ` WHERE n.name = $1 AND v.name = $2 AND v.deleted_at IS NULL` | |||
searchVulnerabilityByID = ` WHERE v.id = $1` | |||
searchVulnerabilityByNamespace = ` WHERE n.name = $1 AND v.deleted_at IS NULL | |||
ORDER BY v.name | |||
LIMIT $2 offset $3` |
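Review bot: the `LIMIT $2 offset $3` clause takes both values as query parameters, and nothing in this hunk bounds them. Validate them in the caller before the query runs: cap the limit at a documented maximum and reject negative values, so a single request cannot ask for an entire namespace in one page. As a style point, `offset` is lowercase while every other keyword in these constants is uppercase.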
To ensure good performances at scale, we try to avoid using OFFSET but instead use `WHERE id >= $3 ORDER BY l.ID LIMIT $2`. And then to avoid leaking that internal identifier, we encrypt the id at the API level. See how notifications work.
Thanks! I just wrote some comments ~
Update by encrypting page, just like notificationPage.
@@ -316,3 +319,24 @@ func pageNumberToToken(page database.VulnerabilityNotificationPageNumber, key st | |||
|
|||
return string(tokenBytes) | |||
} | |||
|
|||
func tokenToNumber(token, key string) (int, error) { |
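Review bot: `tokenToNumber` on the last line has no doc comment and returns a bare `int`, while the `pageNumberToToken` counterpart named in the hunk header takes a typed `database.VulnerabilityNotificationPageNumber`. The token comes back from the client, so document that a token that fails to decode returns the error rather than a zero page, and range-check the decoded number (non-negative, within bounds) before it reaches the query.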
We could definitely only have one function for marshaling and one function for unmarshaling for tokens. Just make it only return an error and you can pass a newly allocated type by reference similar to normal JSON unmarshalling.
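The scheme described in the two review comments above (a cursor holding an internal id that is encrypted before it leaves the API, handled by one marshal/unmarshal pair that fills a value passed by reference) could look like the following. This is an added example, not code from this pull request or from the project; `newAEAD`, `sealCursor`, `openCursor`, the choice of AES-GCM and the token layout are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // key: 16, 24 or 32 bytes; AES-GCM is this example's choice
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealCursor JSON-encodes v and returns base64url(nonce || ciphertext || tag).
func sealCursor(aead cipher.AEAD, v interface{}) (string, error) {
	plain, err := json.Marshal(v)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(aead.Seal(nonce, nonce, plain, nil)), nil
}

// openCursor verifies and decrypts token into v, in the style of json.Unmarshal.
func openCursor(aead cipher.AEAD, token string, v interface{}) error {
	raw, err := base64.RawURLEncoding.DecodeString(token)
	if err != nil || len(raw) < aead.NonceSize() {
		return fmt.Errorf("malformed cursor token")
	}
	plain, err := aead.Open(nil, raw[:aead.NonceSize()], raw[aead.NonceSize():], nil)
	if err != nil {
		return err // altered, forged or wrong-key token
	}
	return json.Unmarshal(plain, v)
}

func main() {
	if aead, err := newAEAD(make([]byte, 32)); err == nil { // constructed all-zero demo key
		fmt.Println(sealCursor(aead, 4211)) // 4211 is a constructed internal row id
	}
}
```

Because the token is authenticated as well as encrypted, a client cannot read the internal id or substitute another one; the decoded value still needs a range check before it is used in a query.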
Signed-off-by: liangchenye <liangchenye@huawei.com>
@jzelinskie good idea! updated by using tokenMarshal/tokenUnmarshal
@@ -215,7 +215,8 @@ func NotificationFromDatabaseModel(dbNotification database.VulnerabilityNotifica | |||
|
|||
var nextPageStr string | |||
if nextPage != database.NoVulnerabilityNotificationPage { | |||
nextPageStr = pageNumberToToken(nextPage, key) | |||
nextPageBytes, _ := tokenMarshal(nextPage, key) |
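Review bot: the `nextPageBytes, _ := tokenMarshal(nextPage, key)` line discards the error that `tokenMarshal` returns. If marshaling fails, the response carries an empty or invalid next-page token with no signal to the caller; check the error and return or log it instead of assigning it to `_`. Since `nextPageBytes` is declared with `:=` inside the `if` block while `nextPageStr` is declared outside it, also confirm the result is assigned to `nextPageStr` before the block ends.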
`gofmt -s` would rewrite this to `nextPageBytes := pageNumberToToken(nextPage, key)`
Sorry, I don't get it.
run `gofmt -s` on this file
Yes, but nothing changes.
And pageNumberToToken is already replaced by tokenMarshal.
Ah! I'm sorry for the confusion. Usually `gofmt -s` drops the ignored value if it's second.
…d error Signed-off-by: liangchenye <liangchenye@huawei.com>
@@ -8,6 +8,7 @@ | |||
- [Namespaces](#namespaces) | |||
- [GET](#get-namespaces) | |||
- [Vulnerabilities](#vulnerabilities) | |||
- [List](#get-namespacesnsnamevulnerabilities) |
I wish there was a better way to put this, because I was using HTTP verbs for all of these and technically this is a GET
Yeah but how though?
I think we're pretty much ready to merge that PR @jzelinskie? Except if you can find some better wording for the API docs. Again, thanks a lot @liangchenye for this great and much appreciated contribution! That's awesome, we're all very excited 👍
LGTM
*: list vulnerabilities by namespace
#80
Signed-off-by: liangchenye liangchenye@huawei.com